//package com.ict.framework.config;
//
//
//import com.ict.framework.config.properties.CasProperties;
//import com.ict.framework.security.handle.CasAuthenticationEntryPointImpl;
//import com.ict.framework.web.service.CustomUserDetailsService;
//import org.jasig.cas.client.session.SingleSignOutFilter;
//import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
//import org.slf4j.Logger;
//import org.slf4j.LoggerFactory;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.http.HttpMethod;
//import org.springframework.security.authentication.AuthenticationManager;
//import org.springframework.security.cas.ServiceProperties;
//import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
//import org.springframework.security.cas.authentication.CasAuthenticationProvider;
//import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
//import org.springframework.security.cas.web.CasAuthenticationFilter;
//import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
//import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
//import org.springframework.security.web.authentication.logout.LogoutFilter;
//import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
//
///**
// * @author xc
// */
//@Configuration
//@EnableWebSecurity //启用web权限
//@EnableGlobalMethodSecurity(prePostEnabled = true) // 【启用方法验证】
//public class CasSecurityConfig extends WebSecurityConfigurerAdapter {
//
//    private static final Logger log = LoggerFactory.getLogger(CasSecurityConfig.class);
//
//    @Autowired
//    private CasProperties casProperties;
//
//    /**
//     * 认证失败处理类
//     */
//    @Autowired
//    private CasAuthenticationEntryPointImpl unauthorizedHandler;
//
//    /**
//     * 解决 无法直接注入 AuthenticationManager
//     *
//     * @return
//     * @throws Exception
//     */
//    @Bean
//    @Override
//    public AuthenticationManager authenticationManagerBean() throws Exception {
//        return super.authenticationManagerBean();
//    }
//
//    /**
//     * 定义认证用户信息获取来源，密码校验规则等
//     */
//    @Override
//    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        super.configure(auth);
//        auth.authenticationProvider(casAuthenticationProvider());
//    }
//
//    /**
//     * 定义安全策略
//     */
//    @Override
//    protected void configure(HttpSecurity http) throws Exception {
//        http
//                .csrf().disable()
//                // 认证失败处理类
//                .authorizeRequests()//配置安全策略
//                .antMatchers("/login", "/captchaImage").permitAll()
//                .antMatchers(
//                        HttpMethod.GET,
//                        "/*.html",
//                        "/**/*.html",
//                        "/**/*.css",
//                        "/**/*.js",
//                        "/"
//                ).permitAll()
//                .antMatchers("/profile/**").anonymous()
//                .antMatchers("/common/download**").anonymous()
//                .antMatchers("/common/download/resource**").anonymous()
//                .antMatchers("/swagger-ui.html").anonymous()
//                .antMatchers("/swagger-resources/**").anonymous()
//                .antMatchers("/webjars/**").anonymous()
//                .antMatchers("/*/api-docs").anonymous()
//                .antMatchers("/druid/**").anonymous()
//
//                // activiti modeler 放行
//                .antMatchers("/modeler/**").anonymous()
//                .antMatchers("/activiti/definition/upload").anonymous()
//                .antMatchers("/activiti/definition/readResource").anonymous()
//                .antMatchers("/activiti/process/read-resource").anonymous()
//
//                // 除上面外的所有请求全部需要鉴权认证
//                .anyRequest().authenticated().and()
//
//                //.exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint()).and()
//                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
//                .addFilter(casAuthenticationFilter())
//                .addFilterBefore(casLogoutFilter(), LogoutFilter.class)
//                .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class);
//    }
//
//    /**
//     * 认证的入口
//     */
//    @Bean
//    public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
//        CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
//        casAuthenticationEntryPoint.setLoginUrl(casProperties.getCasServerLoginUrl());
//        casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
//        return casAuthenticationEntryPoint;
//    }
//
//    /**
//     * 指定service相关信息
//     */
//    @Bean
//    public ServiceProperties serviceProperties() {
//        ServiceProperties serviceProperties = new ServiceProperties();
//        serviceProperties.setService(casProperties.getAppServerUrl() + casProperties.getAppLoginUrl());
//        serviceProperties.setAuthenticateAllArtifacts(true);
//        return serviceProperties;
//    }
//
//    /**
//     * CAS认证过滤器
//     * 判断是否已经登录，如果没有登录则根据配置的信息来决定将跳转到什么地方
//     */
//    @Bean
//    public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
//        CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
//        casAuthenticationFilter.setAuthenticationManager(authenticationManager());
//        casAuthenticationFilter.setFilterProcessesUrl(casProperties.getAppLoginUrl());
//        return casAuthenticationFilter;
//    }
//
//    /**
//     * cas 认证 Provider
//     */
//    @Bean
//    public CasAuthenticationProvider casAuthenticationProvider() {
//        CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
//        casAuthenticationProvider.setAuthenticationUserDetailsService(customUserDetailsService());
//        casAuthenticationProvider.setServiceProperties(serviceProperties());
//        casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator());
//        casAuthenticationProvider.setKey("casAuthenticationProviderKey");
//        return casAuthenticationProvider;
//    }
//
//    /**
//     * 用户自定义的AuthenticationUserDetailsService
//     */
//    @Bean
//    public AuthenticationUserDetailsService<CasAssertionAuthenticationToken> customUserDetailsService() {
//        return new CustomUserDetailsService();
//    }
//
//    /**
//     * 配置ticket校验器
//     *
//     * @return
//     */
//    @Bean
//    public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
//
//        return new Cas20ServiceTicketValidator(casProperties.getCasServerUrl());
//    }
//
//    /**
//     * 单点登出过滤器
//     */
//    @Bean
//    public SingleSignOutFilter singleSignOutFilter() {
//
//        SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
//        singleSignOutFilter.setCasServerUrlPrefix(casProperties.getCasServerUrl());
//        singleSignOutFilter.setIgnoreInitConfiguration(true);
//        return singleSignOutFilter;
//    }
//    /**
//     * 请求单点退出过滤器
//     */
//    @Bean
//    public LogoutFilter casLogoutFilter() {
//
//        LogoutFilter logoutFilter = new LogoutFilter(casProperties.getCasServerLogoutUrl(), new SecurityContextLogoutHandler());
//        logoutFilter.setFilterProcessesUrl(casProperties.getAppLogoutUrl());
//        return logoutFilter;
//    }
//
//}
//
